
Computer Engineering ›› 2008, Vol. 34 ›› Issue (12): 120-122. doi: 10.3969/j.issn.1000-3428.2008.12.042

• Security Technology •

Buffer Overflow Detection Model Based on Executable Code

ZHAO Qi-yong, ZHENG Yan-fei, ZHENG Dong

  1. (Lab of Cryptograph & Information Security, Shanghai Jiaotong University, Shanghai 200240)
  • Received: 1900-01-01 Revised: 1900-01-01 Online: 2008-06-20 Published: 2008-06-20

Abstract: Based on the principle of buffer overflow, a buffer overflow detection model that works on executable code is proposed. The theoretical foundation of the model is given and the procedure for building it is described. In addition, new methods for recognizing buffer reference instances are proposed. The model disassembles executable code into assembly code, builds the function call-relationship graph and the control flow graph, and analyzes buffer variables and their reference instances, recording them in a buffer variables table and a buffer references table. Starting from each buffer reference, it collects path constraints backward against the control flow and judges whether a buffer overflow is possible by solving those constraints.

Key words: executable code, buffer overflow, buffer overflow detection, constraint solving
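
The last step of the abstract (walking backward from a buffer reference, collecting path constraints, then solving them) can be sketched as below. This is an added example, not the paper's implementation: the toy control flow graph, the buffer references table, the unsigned-index assumption and the interval solver are all constructed for illustration.

```python
import math

# Constructed CFG: block -> list of (predecessor, branch constraint on that edge).
# A constraint is (variable, op, constant); None marks an unconditional edge.
CFG_PREDS = {
    "entry":  [],
    "check":  [("entry", None)],
    "copy":   [("check", ("i", "<=", 16)), ("entry", ("i", "<", 4))],  # off-by-one guard
    "narrow": [("check", ("i", "<=", 16))],
    "store":  [("narrow", ("i", "<", 16))],
}
# Constructed buffer references table: block -> (buffer, element count, index variable).
BUFFER_REFS = {"copy": ("buf", 16, "i"), "store": ("buf", 16, "i")}

def backward_paths(block, entry="entry", seen=()):
    """Walk against the control flow; yield the constraint list of each acyclic path."""
    if block == entry:
        yield []
        return
    for pred, cond in CFG_PREDS[block]:
        if pred in seen:
            continue  # loops are ignored in this toy model
        for rest in backward_paths(pred, entry, seen + (block,)):
            yield rest + ([cond] if cond else [])

def solve_interval(constraints, var):
    """Intersect constraints on an unsigned integer `var`; None if the path is infeasible."""
    lo, hi = 0, math.inf  # assumption: the index is unsigned
    for v, op, c in constraints:
        if v != var:
            continue
        if op in ("<", "<="):
            hi = min(hi, c - (op == "<"))
        elif op in (">", ">="):
            lo = max(lo, c + (op == ">"))
    return (lo, hi) if lo <= hi else None

def overflow_possible(block):
    """True if some feasible path lets the index reach past the last element."""
    _, size, var = BUFFER_REFS[block]
    for path in backward_paths(block):
        rng = solve_interval(path, var)
        if rng and rng[1] >= size:
            return True
    return False
```
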

CLC Number: